MAL-2025-191580

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/pixel-bloom/MAL-2025-191580.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191580
Aliases
  • SNYK-JS-PIXELBLOOM-14152280
Published
2025-12-01T13:20:52Z
Modified
2026-03-19T12:47:06.472772Z
Summary
Malicious code in pixel-bloom (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (3e8b2781d37ee1adef96e13bb9b91bbf543cf9536031d1b42f574ffc860b8922)

The package pixel-bloom was found to contain malicious code.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "10.29.1",
                "10.29.4"
            ],
            "sha256": "1ef68d5fe34aab21507afea329ab73d555ffd6916efac668aa1ae3f9eae0388b",
            "modified_time": "2025-12-01T13:20:52Z",
            "source": "reversing-labs",
            "id": "RLMA-2025-05916",
            "import_time": "2025-12-02T09:09:52.706153977Z"
        },
        {
            "versions": [
                "10.29.1",
                "10.29.4"
            ],
            "sha256": "3e8b2781d37ee1adef96e13bb9b91bbf543cf9536031d1b42f574ffc860b8922",
            "modified_time": "2025-12-02T21:11:00Z",
            "source": "amazon-inspector",
            "import_time": "2025-12-02T21:35:53.983486646Z"
        },
        {
            "versions": [
                "10.29.11"
            ],
            "sha256": "05f6a3130f89ce07e1cffe4fd6bd039d8135145e7f68ef05397dbf943c1c59f5",
            "modified_time": "2025-12-23T08:24:35Z",
            "source": "reversing-labs",
            "id": "RLUA-2025-06448",
            "import_time": "2025-12-24T10:07:35.362913635Z"
        },
        {
            "sha256": "941e0531ccf4691a9e6a73d92e389139cd99de2973a821dd54acb2da9c91e846",
            "modified_time": "2026-03-18T13:03:52Z",
            "source": "reversing-labs",
            "id": "RLUA-2026-01490",
            "import_time": "2026-03-19T12:20:57.463206547Z"
        }
    ]
}
References
Credits

Affected packages

npm / pixel-bloom

Package

Affected ranges

Affected versions

10.*
10.29.1
10.29.4
10.29.11

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/pixel-bloom/MAL-2025-191580.json"